nmz.me

This is my public notebook.

---

Project maintained by nicomz Hosted on GitHub Pages — Theme by mattgraham

OpenSSL

SSL

View server SSL certificate:

openssl s_client -connect www.google.com:443 -showcerts < /dev/null

In case something like this is shown:

CONNECTED(00000003)
140427920371416:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:

The simple explanation of this error is that your Certificate might be using SNI and it’s not supported by your OpenSSL version. This happens if you are using CloudFlare Flex SSL Certificates (As I am).
The workaround is to inform the expected servername. Sample Solution:

openssl s_client -servername nmz.me -connect nmz.me:443 -showcerts < /dev/null

X509 Certificates

Show CRL Contents

To view CRL contents, simply, download CRL File and:

openssl crl -inform DER -text -noout -in mycrl.crl

OCSP Validation

openssl ocsp -issuer ./ac.pem -CAfile ./ca_chain.pem -cert ./mycert.pem -url http://myocsp/ocsp/

To perform OCSP validation, you need:

• Issuer Certificate (ac.pem)
• Complete certificate chain. This is a single file with all the intermediates issuers certificates, and the root ac certificate appended.(ca_chain.pem)
• Certificate you are validating (mycert.pem)
• Ocsp responder URL.